Single Sign-On


Use your company's identity provider (IDP) for seamless authentication with Tarsal’s ETL services. Single sign-on (SSO) provides secure access for your organization’s users to sync and transform your data sources.

The following section explains helpful terms as you configure SSO for Tarsal.


Identity Provider (IDP): A service that stores, manages, and verifies user identity. Facilitated by an authentication token issued to the service provider (SP).

SAML: An open XML standard for exchanging online authentication and authorization data between two systems, typically an IDP and an SP. SAML is a subset of SSO.

SAML Assertion: An XML document containing messages with confidential user authorization data. Sent by the IDP to the SP after a successful SAML authentication request instead of credentials, signed with a private key. Identifies users and provides relevant information, including entitlements.

Service Provider (SP): A partner that provides services to a user. SPs request authentication rather than provide authentication and rely on IDPs for authentication decisions. Tarsal acts as the SP using SP-initiated SSO.

Single Sign-On (SSO): A broad term for any type of authentication allowing users to access multiple independent services and applications with one set of credentials to secure and speed up login. User authentication is centralized with an IDP to verify identity but isn’t stored. Tarsal SSO integrations only support SAML.

Getting Started with SSO

The initial SSO flow between Tarsal and the IDP is as follows:

  1. Tarsal requests a SAML authorization from the IDP.
  2. The IDP authenticates the request and validates credentials.
  3. If successful, the IDP sends a signed SAML assertion to Tarsal and initiates a session.
  4. Tarsal validates the assertion and provides access.


App Creation

Some SSO integrations require an app in your target IDP. Specific instructions vary by IDP; some are provided in the following sections. If your IDP’s relevant documentation is not described, please consult it.


Parallel Configuration with Tarsal and IDPs

During the SSO set-up process, keeping both Tarsal and your IDP browser windows open is helpful. Look for this browser icon (), which tells you when to switch between the two.

Please refer to the following instructions for your IDP configuration.